From 77892d9d22f6f7bd67ff02c440e266597ec6f414 Mon Sep 17 00:00:00 2001
From: Henri Sivonen <hsivonen@iki.fi>
Date: Mon, 1 Aug 2011 10:48:28 +0300
Subject: [PATCH] Bug 563322 part 3 - Successfully prevent script execution in
 the XML fragment case. r=Olli.Pettay.

---
 content/xml/document/src/nsXMLFragmentContentSink.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/content/xml/document/src/nsXMLFragmentContentSink.cpp b/content/xml/document/src/nsXMLFragmentContentSink.cpp
index afbbfe121b6..79be0592224 100644
--- a/content/xml/document/src/nsXMLFragmentContentSink.cpp
+++ b/content/xml/document/src/nsXMLFragmentContentSink.cpp
@@ -271,6 +271,13 @@ nsresult
 nsXMLFragmentContentSink::CloseElement(nsIContent* aContent)
 {
   // don't do fancy stuff in nsXMLContentSink
+  if (mPreventScriptExecution && aContent->Tag() == nsGkAtoms::script &&
+      (aContent->GetNameSpaceID() == kNameSpaceID_XHTML ||
+       aContent->GetNameSpaceID() == kNameSpaceID_SVG)) {
+    nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aContent);
+    NS_ASSERTION(sele, "script did QI correctly!");
+    sele->PreventExecution();
+  }
   return NS_OK;
 }